Multi-factor authentication (MFA) means that even if someone learns your password, they still cannot get into your account without a second factor — a tap on your phone or a one-time code. It stops the overwhelming majority of account takeovers, and it takes about five minutes to set up.
What you will need
- Your work email and current password
- A smartphone with the Microsoft Authenticator app installed
Turn it on
- On your computer, go to aka.ms/mfasetup and sign in.
- Choose Add sign-in method, then pick Authenticator app.
- Open Microsoft Authenticator on your phone, tap the +, and choose Work or school account.
- Scan the QR code shown on your computer screen.
- Approve the test notification that appears on your phone.
That is it — from now on you will approve a prompt on your phone when you sign in somewhere new.
A few good habits
- Add a second method (a phone number) as backup, in case you lose your phone.
- Never approve a prompt you did not start. If your phone buzzes out of the blue, deny it and tell us.
- We will never ask you to read out a code or approve a prompt over the phone.
If you get a new phone, set Authenticator up on it before you wipe the old one, or contact us and we will reset it for you.
Frequently asked
- Do I have to use my personal phone?
- The Authenticator app only stores a security token, not access to your phone. If you would rather not use a personal device, talk to us about a hardware key or a separate method.
- What happens if I lose my phone?
- Contact Queenstown IT and we will reset your MFA so you can register a new device. This is why a backup method is worth adding.
- Is a text message code good enough?
- It is far better than nothing, but the Authenticator app is more secure because codes sent by text can be intercepted. We recommend the app where possible.
Still stuck?
If this didn't sort it, talk to a human — we're happy to help.